Bug#810799: libcgi-session-perl: Perl DSA-3441-1 exposes taint bug in CGI::Session::Driver::file

Chris Boot crb at tiger-computing.co.uk
Tue Jan 12 12:54:19 UTC 2016


Control: tag -1 security

On 12/01/16 12:28, Chris Boot wrote:
[snip]
> Forwarded: https://rt.cpan.org/Public/Bug/Display.html?id=80346
> 
> Dear Maintainer,
> 
> With Perl upgraded from 5.20.2-3+deb8u1 to 5.20.2-3+deb8u2, our
> installation of TWiki (http://twiki.org/) no longer functions. This
> happens due to CGI::Session::Driver::file complaining about taint.

I'm bringing this bug to the attention of the security team, as it has
only come to light since the Jessie DSA of Perl (DSA-3441-1), so it's a
stable security regression.

Regards,
Chris

-- 
Chris Boot

Tiger Computing Ltd
IS27001:2013 Certified

Tel: 01600 483 484
Web: https://www.tiger-computing.co.uk

Registered in England. Company number: 3389961
Registered address: Wyastone Business Park,
 Wyastone Leys, Monmouth, NP25 3SR


